ABSTRACT

This chapter explains social engineering, with reference to the size of the problem and to who does it and why. Attention is then given to the targets, the employees, and to what happens in the real world, and then a conclusion is provided. The chapter focuses on the well-meaning employee, and on how to protect him or her from inadvertently causing an Information Security breach, usually in response to a social engineering attack. The highly publicized advent of the Stuxnet worm may force a revision of this approach, since it seems clear that social engineering techniques went into the construction of this worm, as well as its introduction into highly specific target systems. The pre-defined axes align with difficult choices. The data collection exercises organized through the research workshops enabled questions to be posed, additional questions that users might face to be identified, and judgements to be made regarding correct responses.